
Re: RPM security (a newbie question)



Stanisław T. Findeisen wrote:
> Rahul Sundaram wrote:
>>> Probably there are lots of packages reviewed by their authors only?
>>
>> Review and signing are two different processes. Every single new package
>> has to go through a review process as outlined in
>>
>> http://fedoraproject.org/wiki/Packaging/ReviewGuidelines
>>
>> Signing a package is done by a small number of people in the release
>> engineering team and they do that manually before pushing it into the
>> repositories.
> 
> Well, it looks like those "review guidelines" cover mostly
> administrative/legal issues. It looks like no one cares about the source
> code.

You missed that the review guidelines have a source check as well. Read
them in detail.

Rahul

